{"id":1443,"date":"2026-06-25T11:17:45","date_gmt":"2026-06-25T11:17:45","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1443"},"modified":"2026-06-25T11:17:45","modified_gmt":"2026-06-25T11:17:45","slug":"new-gaslight-macos-malware-uses-prompt-injection-to-disrupt-ai-assisted-analysis","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1443","title":{"rendered":"New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Jun 25, 2026<\/span><\/span>AI Security \/ Malware<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst’s artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact.<\/p>\n

The malware has been codenamed Gaslight<\/b> owing to this deceptive behavior. It’s been assessed with high confidence that the tool is the work of North Korea-aligned threat actors.<\/p>\n

\u00abIts most notable feature is an embedded cascade of fabricated system-failure messages, designed to make an LLM-assisted triage agent doubt its own session,\u00bb SentinelOne researcher Phil Stokes said<\/a> in a technical report. \u00abIt attacks the agent’s perception, rather than the sandbox it runs in.\u00bb<\/p>\n

Central to the malware’s architecture is a Telegram bot API based command-and-control (C2) channel that enters into a polling loop, allowing the operator to issue instructions over an interactive shell and return the results of the execution. In the event two instances of the same bot token poll simultaneously, a \u00abConflict\u00bb response is issued, causing the second copy to terminate.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

The shell supports six main commands, granting a persistent foothold over the infected host –<\/p>\n

<\/p>\n